OBIEE 11g6: Setting up Access Permissions to Reports and Dashboards

Putting into one sentence, we would need to create a user, then put him into a group then put that group into an application role.
Then we can use this application role created in above step to give users access to our reports or dashboard pages.

By looking at the permissions on the “Quarterly Revenue” report, we can observe that “BI Administrator Role” and “BI Consumer Role” are assigned by default when a report is created by the “weblogic” administrator user.

I will be creating two users(Jerry, Justin) and two groups(Toons, Music) and put each user into each of the different groups.
Then create two Application Roles(ToonViewer, MusicMaker) with “Create Like…” with “BI Consumer Role” and put each of the above groups into these newly created Application Roles.
Then allot the “Quarterly Revenue” report these Application Roles to experience how each of these users will be able to access the report.

Go to the “Domain Structure” Pane on the left and select “Security Realms”, on the right pane select “myrealm” in the “Realms” section.

Select the “Users and Groups” tab and click the “New” button to create a new user.

Then enter “Jerry” for the “Name:”, “Jerry Mouse” for “Description”, select “DefaultAuthenticator” for the “Provider:”, enter “jerry123” for the “Password:” and “Confirm Password:” as show in below screenshot.

Click “OK” button.

create another user with same process and then enter “Justin” for the “Name:”, “Justin Trevor” for “Description”, select “DefaultAuthenticator” for the “Provider:”, enter “justin123” for the “Password:” and “Confirm Password:”.

Click “OK” button.

Now click on the “Groups” tab, click on the “New” button to create a new group.

Enter “Toons” for the “Name”, enter “Toons group” for the “Description” and select “DefaultAuthenticator” for the “Provider” as show in below screenshot.

Click the “OK” button.

With the same process above create another group by entering “Music” for the “Name”, enter “Music lovers” for the “Description” and select “DefaultAuthenticator” for the “Provider” as show in below screenshot.

In the left pane select the “Farm_bifoundation_domain” -> “Weblogic Domain” -> “bifoundation_domain”, right click on bifoundation_domain and select “Security” -> “Application Roles”.

Under the “Search” section select “obi” for the “Application Stripe” and click on the blue arrow button to list the Application Roles.

Select the “BIConsumer” Role and click on the “Create Like…” link , enter “ToonViewer” for the “Role Name” and “Toon Viewer Role” for the “Display Name” field.

Click the “OK” button.

With the above mentioned procedure create another Application Role and select the “BIConsumer” Role and click on the “Create Like…” link , enter “MusicMaker” for the “Role Name” and “Music Maker Role” for the “Display Name” field.

Click the “OK” button.

Now on to linking of the our of the Application Roles(ToonViewer, MusicMaker) to Application Policies(like BIConsumer and like BIAuthor) respectively.

Logout of the analytics web page and login with the user: Jerry/jerry123.

Select “Catalog” on the menu and scroll on the left pane “Folder” -> “Shared Folders” -> “Sample Lite”.

On the right pane scroll down to see “Quarterly Revenue” and click “Open”.

You should be able to see the results.

Now login as user: Jerry/jerry123

Select “Catalog” on the menu and scroll on the left pane “Folder” -> “Shared Folders” -> “Sample Lite”

Observe that “Quarterly Revenue” is not show here.

Now login as user: Justin/justin123

Select “Catalog” on the menu and scroll on the left pane “Folder” -> “Shared Folders” -> “Sample Lite”

Observe that “Quarterly Revenue” report can be open here.

Summary:
In order achieve the Reprot and Dashboard permission controls, we first go ahead creating the user, the group and then the Application Role. Once those are created we come in the reverse order Assigning an Application Policy to the Application Role, then the group to the Application Role, then assign a group to the user.
Once above is done we can go into the Reports and Dashboards and start using these Application Roles to guard our Objects(reports and dashboards).